Re: Concrete ideas for the December-March OPW?

From: Christian Hergert <christian hergert me>
To: safety-list gnome org
Subject: Re: Concrete ideas for the December-March OPW?
Date: Wed, 29 Oct 2014 14:29:07 -0700

On 10/29/2014 12:46 PM, Hans Petter Jansson wrote:

* Whenever a USB device is plugged in
  * If device is on whitelist OR is simple human interface device
    * [ALLOW]
  * Otherwise (device is not on whitelist and is not simple HID)
    * If in lock screen
      * Add to deferred decision list
    * Otherwise (not in lock screen)
      * [PROMPT] If user accepts device
        * Add device to whitelist
        * [ALLOW]
      * Otherwise (user rejected device)
        * [DENY]


Another problem is that some USB devices are simply attack devices. They
fake a vendor and product id to cause a specific kernel module to be
loaded which is exploitable.

I imagine in some cases, we want to prevent the driver itself from being
loaded. Is this something we can do? I'm not sure how we would determine
what that is, or if we have the hooks into the (Linux) kernel to be able
to do this.

-- Christian

Follow-Ups:
- Re: Concrete ideas for the December-March OPW?
  - From: Hans Petter Jansson

References:
- Concrete ideas for the December-March OPW?
  - From: Federico Mena Quintero
- Re: Concrete ideas for the December-March OPW?
  - From: Tobias Mueller
- Re: Concrete ideas for the December-March OPW?
  - From: Hans Petter Jansson
- Re: Concrete ideas for the December-March OPW?
  - From: Tobias Mueller
- Re: Concrete ideas for the December-March OPW?
  - From: Hans Petter Jansson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]